
IV or no IV; that is not the question...

> Without an IV, what you are running is the ECB mode of these
> algorithms which is highly insecure. I do not think that should be
> encouraged.
>
> Am I missing something?
>
> Bill

Yes, you and Perry are both missing something.  If you read the "Combined
DES-CBC, HMAC and Replay Prevention Security Transform" Internet Draft, it
says that the IVs for the initiator and responder are derived from the
secret key using keyed MD5:

	IV_Key_I	= Truncate(MD5( I_Pad_I | K ),64)
	IV_Key_R	= Truncate(MD5( I_Pad_R | K ),64)

...where "I_Pad_I" and "I_Pad_R" are constants and "K" is the secret key.

In other words, the IVs do not need to be explicitly communicated, though
we are, of course, doing CBC.  That's why the draft lists this field as
Optional.

Derrell
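The derivation Derrell quotes, written out as an added example (this is not code from the message or from the draft it cites). The real I_Pad_I and I_Pad_R constants are not given on this page, so the values below are labelled placeholders; "|" is read as byte concatenation and Truncate(x, 64) as keeping the leading 64 bits of the MD5 digest, both of which are assumptions here. The point the example shows is the one made in the reply: each side computes the IV from K alone, so matching keys give matching IVs with nothing sent on the wire.

```python
import hashlib
from typing import Tuple

# Constructed placeholders: the draft's actual I_Pad_I / I_Pad_R constants are
# not quoted in the message, so these strings merely stand in for them.
I_PAD_I = b"I_Pad_I-PLACEHOLDER"
I_PAD_R = b"I_Pad_R-PLACEHOLDER"


def truncate(digest: bytes, bits: int) -> bytes:
    """Truncate(x, n): keep the leading n bits of x.

    Assumed convention: leading bits, and n is a whole number of bytes
    (64 bits = the first 8 bytes of the 16-byte MD5 digest).
    """
    if bits % 8:
        raise ValueError("only whole-byte truncation is supported here")
    return digest[: bits // 8]


def derive_iv_key(pad: bytes, k: bytes) -> bytes:
    """IV_Key = Truncate(MD5(pad | K), 64), with '|' as concatenation."""
    return truncate(hashlib.md5(pad + k).digest(), 64)


def derive_both(k: bytes) -> Tuple[bytes, bytes]:
    """Return (IV_Key_I, IV_Key_R) for a given shared secret K."""
    return derive_iv_key(I_PAD_I, k), derive_iv_key(I_PAD_R, k)


def peers_agree(k_initiator: bytes, k_responder: bytes) -> bool:
    """Each end runs the same derivation on its own copy of K.

    The two ends obtain identical IVs exactly when their copies of K match,
    which is why the IV field can be optional: it is recomputable, not
    transported.
    """
    return derive_both(k_initiator) == derive_both(k_responder)


if __name__ == "__main__":
    # Constructed sample key (DES-sized, 8 bytes); not a value from the page.
    k = bytes(range(8))
    iv_i, iv_r = derive_both(k)
    print("IV_Key_I:", iv_i.hex())
    print("IV_Key_R:", iv_r.hex())
    print("same K on both ends:", peers_agree(k, k))
    print("mismatched K:", peers_agree(k, k[:-1] + b"\xff"))
```

Note what the formula implies for the mode: because the derived value depends only on the constant and K, it is the same for every message protected under that key, which is the property to keep in mind when evaluating how this variant of CBC behaves across many messages.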